Good idea, but if I followed the conversation here correctly, the desire was to minimize the number of windows required for the user to pass through during the installation. Having a window where the user has to do something, that in essence, seems really really random probably isn't the best thing to put in the installer. Would it be possible to delay key generation until the system uptime has reached a certain time or the user specifically requests the key to generated (in which case they can get to hammer on their keyboard).
> > On Wed, Sep 24, 2008 at 9:37 PM, Michael Casadevall < > [EMAIL PROTECTED]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I've did some work implementing /dev/random in GNU Hurd (yes, yes, I >> know :-P). Static bootups are fairly constant, i.e., poor source of >> entropy, so that is a major problem. However, it might be possible to >> have the user provide or generate entropy (maybe a friendly message >> such as "Ubuntu needs to generate entropy to encrypt your files, >> please bang on the keyboard like a monkey"), or the ability to provide >> a private key from another source like a USB key or something. >> Michael >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> Comment: http://getfiregpg.org >> >> iEYEARECAAYFAkjbB1wACgkQpblTBJ2i2psm4ACfcjq/0QyAV3PARKIgWmfNpdTy >> WKQAni0DPfLwUwW39PVklGZ32wCaS0do >> =TGV+ >> -----END PGP SIGNATURE----- >> >> On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart >> <[EMAIL PROTECTED]> wrote: >> > Hi >> > >> > I was looking at the wikipedia article on /dev/random and /dev/urandom, >> > having previously not used them. The article linked to a paper that >> analyzed >> > the cryptographic procedures of the /dev/random and /dev/urandom in >> linux. >> > The main thing that I took out of paper and the wikipedia article was >> that >> > there was a small concern about the lack of entropy available in >> /dev/random >> > during installs and on livecds. If the key is generated right after a >> > reboot, they may not be sufficiently random. I'm not sure, but this >> could be >> > a thing to consider if keys are going to be generated early in the >> install >> > procedure. Would anyone else consider this a concern? >> > >> > P.S. Sorry if I sent this to someone twice, gmail only replies to the >> last >> > writer and not the list. My apologies. >> >> >> >> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <[EMAIL PROTECTED]> >> wrote: >> >>> >> >>> On 24/09/08 01:43, Dustin Kirkland wrote: >> >>> > That said, let me throw out another perhaps more controversial >> >>> > option... What if we didn't ask, and we just provided ~/Private >> >>> > encrypted by default? If unspecified, the mount passphrase is >> >>> > randomly generated from 128 bits of /dev/urandom. We can do that >> >>> > completely entirely and reliably without adding a screen to the >> >>> > installer, and provide the system administrator user a secure, >> >>> > encrypted location to drop critical data by default on any Ubuntu >> >>> > Server >> >>> When I saw the previous posts come past I wondered if this wasn't a >> >>> better option. Leading by example. >> >>> >> >>> I'm not familiar with how it's created, but could it be "built-in" as >> >>> you suggest and be created when an account is made as part of the >> >>> adduser process? >> >>> >> >>> Could the (initial) pass-phrase be the user's login password? >> >>> >> >>> >> >>> -- >> >>> Onno Benschop >> >>> >> >>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA) >> >>> -- >> >>> ()/)/)() ..ASCII for Onno.. >> >>> |>>? ..EBCDIC for Onno.. >> >>> --- -. -. --- ..Morse for Onno.. >> >>> >> >>> ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 - >> >>> [EMAIL PROTECTED] >> >>> >> >>> >> >>> >> >>> -- >> >>> ubuntu-server mailing list >> >>> ubuntu-server@lists.ubuntu.com >> >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> >>> More info: https://wiki.ubuntu.com/ServerTeam >> >> >> > >> > >> > -- >> > ubuntu-server mailing list >> > ubuntu-server@lists.ubuntu.com >> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> > More info: https://wiki.ubuntu.com/ServerTeam >> > >> > >
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
